Preventing abuse of media access control addresses by rogue devices
Abstract
Methods are provided to determine validity of a MAC address. The methods involve obtaining a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the wireless network using a fully-exploded format or a probabilistic data structure and determining whether a MAC address is valid based on the MAC address validity message. Other methods involve obtaining a query regarding a validity of a media access control (MAC) address, determining whether the MAC address is a value included in a data set of expected values of a probabilistic data structure. The data set represents a list of MAC addresses. The other methods involve determining whether the MAC address is valid in the wireless network based on determining whether the MAC address is the value included in the data set and providing a response indicating whether the MAC address is valid.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method comprising:
obtaining, by a network device in a wireless network, a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the wireless network using a fully-exploded format or a probabilistic data structure; determining, by the network device, whether a MAC address is valid based on the MAC address validity message; and changing an assigned MAC address of the network device to the MAC address based on determining that the MAC address is not valid.
2 . The method of claim 1 , wherein the MAC address validity message indicates the plurality of valid MAC addresses in the probabilistic data structure, and wherein determining whether the MAC address is valid includes:
determining whether the MAC address is in a data set of expected values of the probabilistic data structure.
3 . The method of claim 2 , wherein the expected values in the data set are generated based on a hash value and the expected values are indicative of the plurality of valid MAC addresses that are associated with a service set identifier (SSID) of the wireless network.
4 . The method of claim 1 , wherein the MAC address validity message is a first MAC address validity message that includes a first bloom filter indicating a first set of valid MAC addresses in a first wireless network, and further comprising:
obtaining, by the network device, a second MAC address validity message that includes a second bloom filter indicating a second set of valid MAC addresses in a second wireless network; and determining one or more of:
whether the MAC address is valid in the first wireless network or the second wireless network based on the first bloom filter and the second bloom filter, or
whether the MAC address is valid in the first wireless network and the second wireless network based on the first bloom filter and the second bloom filter.
5 . The method of claim 1 , wherein the MAC address validity message further indicates a plurality of expired MAC addresses in the wireless network, and further comprising:
determining that the MAC address is invalid based on the plurality of expired MAC addresses in the MAC address validity message.
6 . The method of claim 1 , wherein the network device is a wireless access point and the MAC address validity message is broadcasted from another wireless access point and includes the plurality of valid MAC addresses of client devices that are associated with the another wireless access point.
7 . A method comprising:
obtaining, by a network device in a wireless network, a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the wireless network using a fully-exploded format or a probabilistic data structure; and determining, by the network device, whether a MAC address is valid based on the MAC address validity message, wherein the MAC address validity message indicates that the plurality of valid MAC addresses in the wireless network are available for use by the network device in a next time interval, and wherein determining whether the MAC address is valid further includes determining that the MAC address is available for the use in the next time interval based on the MAC address validity message.
8 . The method of claim 7 , further comprising:
encoding, by the network device, the MAC address for the use by the network device in the next time interval based on determining that the MAC address is available, wherein the MAC address validity message indicates the plurality of valid MAC addresses available for the use in the probabilistic data structure.
9 . The method of claim 1 , further comprising:
performing a MAC address rotation, at a preset time interval, in which a plurality of new MAC addresses are assigned to a plurality of network devices in the wireless network; and generating, by a management device of the wireless network, the MAC address validity message that indicates the plurality of new MAC addresses in response to performing the MAC address rotation.
10 . The method of claim 9 , wherein the MAC address validity message further indicates the plurality of valid MAC addresses prior to performing the MAC address rotation.
11 . The method of claim 9 , wherein providing the MAC address validity message includes:
broadcasting the MAC address validity message to one or more of a plurality of neighboring management devices and the plurality of network devices.
12 . The method of claim 9 , further comprising:
generating the plurality of new MAC addresses using a hash value, wherein the MAC address validity message uses the probabilistic data structure that includes a data set indicative of the plurality of new MAC addresses.
13 . An apparatus comprising:
a network interface to receive and send packets in a network; and a processor, wherein the processor is configured to perform operations comprising:
obtaining, from the network interface, a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the network using a fully-exploded format or a probabilistic data structure;
determining whether a MAC address is valid based on the MAC address validity message; and
changing an assigned MAC address of the apparatus to the MAC address based on determining that the MAC address is not valid.
14 . The apparatus of claim 13 , wherein the MAC address validity message indicates the plurality of valid MAC address in the probabilistic data structure and wherein the processor is configured to determine whether the MAC address is valid by:
determining whether the MAC address is in a data set of expected values of the probabilistic data structure.
15 . The apparatus of claim 14 , wherein the expected values in the data set are generated based on a hash value and the expected values are indicative of the plurality of valid MAC addresses that are associated with a service set identifier (SSID) of the network.
16 . The method of claim 7 , wherein the network device is a wireless access point and the MAC address validity message is broadcasted from another wireless access point and includes the plurality of valid MAC addresses of client devices that are associated with the another wireless access point.
17 . The method of claim 7 , wherein providing the MAC address validity message includes:
broadcasting the MAC address validity message to one or more of a plurality of neighboring management devices.
18 . The method of claim 1 , wherein the MAC address validity message is generated in response to an address rotation.
19 . The method of claim 1 , wherein the MAC address validity message includes a first bloom filter indicating the plurality of valid MAC addresses in the wireless network for a given epoch.
20 . The apparatus of claim 13 , wherein the MAC address validity message includes a first bloom filter indicating the plurality of valid MAC addresses in the network for a given epoch.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.